<?php
	$fType = $_GET["fType"];
	$roomGuid = $_GET["roomguid"];
	$fName = $_GET["fname"];	
	
	if($fType == 0){
		$fileLocation = '../djData/'.$roomGuid.'/saveattachment/'.$fName;
		downloadFile($fileLocation);
	}else{
		include 'config.php';
		$Root = utf8_decode($flvrootpath);
		$fullPath = $Root.'\\'.$roomGuid.'\\'.$fName;
		checkFileIsInsideRootDirectory($fullPath, $Root);
		forceDownload($fullPath);
	}
	
	function downloadFile($fileLoc){
		if(file_exists($fileLoc)){
			$file = $fileLoc;
			header('Content-Description: File Transfer');
			header('Content-Type: application/octet-stream');
			header('Content-Disposition: attachment; filename='.basename($file));
			header('Content-Transfer-Encoding: binary');
			header('Expires: 0');
			header('Cache-Control: must-revalidate');
			header('Pragma: public');
			header('Content-Length: ' . filesize($file));
			ob_clean();
			flush();
			readfile($file);
			exit;
		}else echo "File Not Exist";
	}
	
	function checkFileIsInsideRootDirectory($path, $root_directory) {
		$realpath = realpath($path);

		if (!file_exists($realpath))
			die("File is not readable: " . $path);

		// detects insecure path with for example /../ in it
		if (strpos($realpath, $root_directory) === false || strpos($realpath, $root_directory) > 0)
			die("Download from outside of the specified root directory is not allowed!");
	}

	function forceDownload($path) {
		$realpath = realpath($path);

		if (!is_readable($realpath))
			die("File is not readable: " . $path);

		$savename = (basename($path));

		header("Pragmaes: 0");
		header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
		header("Cache-Control: private", false);
		header("Content-type: application/force-download");
		header("Content-Transfer-Encoding: Binary");
		header("Content-length: " . filesize($path));
		header("Content-disposition: attachment; filename=\"$savename\"");

		readfile("$path");
		exit;
	}
?>